Abstract. There is an increasing demand for controller design techniques capable of addressing the complex requirements of today's embedded applications. This demand has sparked interest in symbolic control, where lower complexity models of control systems are used to cater for complex specifications given by temporal logics, regular languages, or automata. These specification mechanisms can be regarded as qualitative since they divide the trajectories of the plant into bad trajectories (those that need to be avoided) and good trajectories. However, many applications also require the optimization of quantitative measures of the trajectories retained by the controller, as specified by a cost or utility function. As a first step towards the synthesis of controllers reconciling both qualitative and quantitative specifications, we investigate in this paper the use of symbolic models for time-optimal controller synthesis. We consider systems related by approximate (alternating) simulation relations and show how such relations enable the transfer of time-optimality information between the systems. We then use this insight to synthesize approximately time-optimal controllers for a control system by working with a lower complexity symbolic model. The resulting approximately time-optimal controllers are equipped with upper and lower bounds for the time to reach a target, describing the quality of the controller. The results described in this paper were implemented in the Matlab Toolbox Pessoa, which we used to work out several illustrative examples reported in this paper.



1. Introduction 

Symbolic abstractions are simpler descriptions of control systems, typically with finitely many states, in which each symbolic state represents a collection or aggregate of states in the control system. The power of abstractions has been exploited in the computer science community over the years, and only recently started to gather the attention of the control systems community. In the present paper we analyze the suitability of symbolic abstractions of control systems to synthesize controllers enforcing both qualitative and quantitative specifications.

Qualitative specifications require the controller to preclude certain undesired trajectories from the system to be controlled. The term qualitative refers to the fact that all the desired trajectories are treated as being equally good. Examples of qualitative specifications include requirements given by means of temporal logics, ω-regular languages, or automata on infinite strings. These specifications are hard (if not impossible) to address with classical control design theories. In practice, most solutions to such problems are obtained through hierarchical designs with supervisory controllers on the top layers. Such designs are usually the result of an ad-hoc process for which correctness guarantees are hard to obtain. Moreover, these kinds of designs require a certain level of insight that only the most experienced system designers possess. Recent work in symbolic control [2, 3, 4] has emerged as an alternative to ad-hoc designs.

In many practical applications, while there are plant trajectories that must be eliminated, there is also a need to select the best of the remaining trajectories. Typically, the best trajectory is specified by means of a cost or utility associated with each trajectory. The control design problem then requires the removal of the undesirable trajectories and the selection of the minimum cost or maximum utility trajectory. As a first step towards our objective of synthesizing controllers enforcing qualitative and quantitative objectives, we consider in the present paper the synthesis of time-optimal controllers for reachability specifications. A problem of this kind, widely studied in the robotics literature, is that of optimal kinodynamic motion planning. Such a problem is known to easily become computationally hard [5]. We discuss in Section 4.4 where the complexity of solving this kind of problem resides when following our methods.

Since the illustrious seminal contributions in the 50's by Pontryagin [6] and Bellman [7], the design of optimal controllers has remained a standing quest of the controls community. Despite the several advances since then, solving optimal control problems with complex geometries on the state space, constraints in the input space, and/or complex dynamics is still a daunting task. This has motivated the development of numerical techniques to solve complex optimization problems. A common method in the literature is to discretize the dynamics and apply optimal search algorithms on graphs such as Dijkstra's algorithm [8, 9]. The philosophy behind such work is to show that by using finer discretizations, one obtains controllers that are arbitrarily close to the optimal controller. In contrast, our objective is not to approach the optimal solution asymptotically, but rather to effectively compute an approximate solution and to establish how much it deviates from the optimal one. Other techniques to solve complex optimal control problems include Mixed (Linear or Quadratic) Integer Programming [10] and SAT-solvers [11].

The approach we follow in the present paper is complementary to the aforementioned techniques and our contribution is twofold:

• At the theoretical level, we show that time-optimality information can be transferred from a system $S_a$ to a system $S_b$ when system $S_a$ is related to system $S_b$ by an approximate (alternating) simulation relation. Hence, we decouple the analysis of optimality considerations from the design of algorithms extracting a discretization $S_a$ from the original system $S_b$. Using this result, we show how to construct an approximately time-optimal controller for system $S_b$ from a time-optimal controller for system $S_a$. Moreover, we also provide bounds on how much the cost or utility of the approximately time-optimal controller deviates from the true cost or utility. These bounds are often conservative due to the, in general, non-deterministic nature of the abstractions used. However, these bounds can still be useful in practice as performance guarantees for the obtained solutions.

• At the practical level, we illustrate the practicality of our results by implementing them in the freely available Matlab toolbox Pessoa [1, 12]. We report on several examples conducted in Pessoa to illustrate the feasibility of the proposed approach.

The proposed results are independent of the specific techniques employed in the construction of symbolic abstractions, provided that the existence of approximate (alternating) simulation relations is established. The specific constructions reported in [13, 14] show that our assumptions can be met for a large class of systems, thus making the use of the proposed methods widely applicable. Furthermore, effective algorithms and data structures from computer science can be used to implement the proposed techniques, see for example the recent work on optimal synthesis [15]. In particular, the examples presented in the current paper, performed in the Matlab toolbox Pessoa, were implemented using Binary Decision Diagrams (BDDs) [16] to store systems modeling both plants and controllers. The fact that BDDs can be used to automatically generate hardware [17] or software [18] implementations of the controllers makes them especially attractive.

The paper is organized as follows: in Section 2 we review the notions of systems and relationships between systems. Section 3 formalizes the optimal control problem studied in this paper, and establishes relationships between the attainable costs for two systems related by (alternating) simulation relationships. Section 4 provides an algorithm to solve time-optimal control problems approximately by relying on symbolic abstractions. For the convenience of readers wishing to solve concrete time-optimal problems, we provide a concise description of all the necessary steps in Section 4.3. Some illustrative examples are presented in Section 5 and Section 6 concludes the paper with a brief discussion.

2. Preliminaries 

2.1. Notation. Let us start by introducing some notation that will be used throughout the present paper. We denote by $\mathbb{N}$ the natural numbers including zero and by $\mathbb{N}^+$ the strictly positive natural numbers. With $\mathbb{R}^+$ we denote the strictly positive real numbers, and with $\mathbb{R}_0^+$ the positive real numbers including zero. The identity map on a set $A$ is denoted by $1_A$. If $A$ is a subset of $B$ we denote by $\imath_A : A \hookrightarrow B$, or simply by $\imath$, the natural inclusion map taking any $a \in A$ to $\imath(a) = a \in B$. The closed ball centered at $x \in \mathbb{R}^n$ with radius $\varepsilon$ is defined by $\mathcal{B}_\varepsilon(x) = \{y \in \mathbb{R}^n \mid \|x - y\| \le \varepsilon\}$. We denote by $\mathrm{int}(A)$ the interior of a set $A$. A normed vector space $V$ is a vector space equipped with a norm $\|\cdot\|$; as is well known, this induces the metric $d(x,y) = \|x - y\|$, $x, y \in V$. Given a vector $x \in \mathbb{R}^n$ we denote by $x_i$ the $i$-th element of $x$ and by $\|x\|$ the infinity norm of $x$; we recall that $\|x\| = \max\{|x_1|, |x_2|, \ldots, |x_n|\}$, where $|x_i|$ denotes the absolute value of $x_i$. We identify a relation $R \subseteq A \times B$ with the map $R : A \to 2^B$ defined by $b \in R(a)$ iff $(a,b) \in R$. For a set $S \subseteq A$ the set $R(S)$ is defined as $R(S) = \{b \in B : \exists a \in S,\ (a,b) \in R\}$. Also, $R^{-1}$ denotes the inverse relation defined by $R^{-1} = \{(b,a) \in B \times A : (a,b) \in R\}$. We also denote by $d : X \times X \to \mathbb{R}_0^+$ a metric on the space $X$ and by $\pi_X : X_a \times X_b \times U_a \times U_b \to X_a \times X_b$ the projection sending $(x_a, x_b, u_a, u_b) \in X_a \times X_b \times U_a \times U_b$ to $(x_a, x_b) \in X_a \times X_b$.

2.2. Systems. In the present paper we use the mathematical notion of systems to model dynamical phenomena. This notion is formalized in the following definition:

Definition 2.1 (System [13]). A system $S$ is a sextuple $(X, X_0, U, \longrightarrow, Y, H)$ consisting of:

• a set of states $X$;

• a set of initial states $X_0 \subseteq X$;

• a set of inputs $U$;

• a transition relation $\longrightarrow \subseteq X \times U \times X$;

• a set of outputs $Y$;

• an output map $H : X \to Y$.

A system is said to be:

• metric, if the output set $Y$ is equipped with a metric $d : Y \times Y \to \mathbb{R}_0^+$;

• countable, if $X$ is a countable set;

• finite, if $X$ is a finite set.

We use the notation $x \xrightarrow{u} y$ to denote $(x, u, y) \in \longrightarrow$. For a transition $x \xrightarrow{u} y$, state $y$ is called a $u$-successor, or simply successor. We denote the set of $u$-successors of a state $x$ by $\mathrm{Post}_u(x)$. If for all states $x$ and inputs $u$ the sets $\mathrm{Post}_u(x)$ are singletons (or empty sets) we say the system $S$ is deterministic. If, on the other hand, for some state $x$ and input $u$ the set $\mathrm{Post}_u(x)$ has cardinality greater than one, we say that system $S$ is non-deterministic. Furthermore, if there exists some pair $(x, u)$ such that $\mathrm{Post}_u(x) = \emptyset$ we say the system is blocking, and otherwise non-blocking. We also use the notation $U(x)$ to denote the set $U(x) = \{u \in U \mid \mathrm{Post}_u(x) \neq \emptyset\}$.

Nondeterminism arises for a variety of reasons, such as modeling simplicity. Nevertheless, to every nondeterministic system $S_a$ we can associate a deterministic system by extending the set of inputs:

Definition 2.2 (Associated deterministic system). The deterministic system $S_{d(a)} = (X_a, X_{a0}, U_{d(a)}, \xrightarrow[d(a)]{}, Y_a, H_a)$ associated with a given system $S_a = (X_a, X_{a0}, U_a, \xrightarrow[a]{}, Y_a, H_a)$ is defined by:

• $U_{d(a)} = U_a \times X_a$;

• $x \xrightarrow[d(a)]{(u, x')} x'$ if there exists $x \xrightarrow[a]{u} x'$ in $S_a$.

Sometimes we need to refer to the possible sequences of outputs that a system can exhibit. We call these sequences of outputs behaviors. Formally, behaviors are defined as follows:

Definition 2.3 (Behaviors [13]). For a system $S$ and given any state $x \in X$, a finite behavior generated from $x$ is a finite sequence of transitions:

$y_0 \longrightarrow y_1 \longrightarrow y_2 \longrightarrow \cdots \longrightarrow y_{n-1} \longrightarrow y_n$

such that $y_0 = H(x)$ and there exists a sequence of states $\{x_i\}$ and a sequence of inputs $\{u_i\}$ satisfying $H(x_i) = y_i$ and $x_{i-1} \xrightarrow{u_i} x_i$ for all $0 < i \le n$.

An infinite behavior generated from $x$ is an infinite sequence of transitions:

$y_0 \longrightarrow y_1 \longrightarrow y_2 \longrightarrow y_3 \longrightarrow \cdots$

such that $y_0 = H(x)$ and there exists a sequence of states $\{x_i\}$ and a sequence of inputs $\{u_i\}$ satisfying $H(x_i) = y_i$ and $x_{i-1} \xrightarrow{u_i} x_i$ for all $i \in \mathbb{N}$.

By $B_x(S)$ and $B_x^\omega(S)$ we denote the set of finite and infinite external behaviors generated from $x$, respectively. Sometimes we use the notation $y = y_0 y_1 y_2 \cdots y_n$ to denote external behaviors, and $y(k)$ to denote the $k$-th output of the behavior, i.e., $y_k$. A behavior $y$ is said to be maximal if there is no other behavior containing $y$ as a prefix.
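Definitions 2.1 to 2.3 are easy to make concrete for a finite system. The following Python block is an added example, not code from the paper or from Pessoa: it stores a constructed toy system as a dictionary mapping each pair (state, input) to its set of successors, and implements $\mathrm{Post}_u(x)$, $U(x)$, the determinism and blocking checks, the associated deterministic system of Definition 2.2, and the enumeration of finite and maximal finite behaviors from a state (with $H$ the identity, so a behavior is the visited state sequence). The system, its states and inputs are constructed for the example.

```python
# A finite system (Definition 2.1), constructed here as a toy example:
# states X, initial states X0, inputs U, and the transition relation as a
# dict (x, u) -> set of u-successors. Outputs are Y = X with H the identity.
X = {"p", "q", "r", "s"}
X0 = {"p"}
U = {"a", "b"}
TRANS = {
    ("p", "a"): {"q", "r"},   # non-deterministic: two a-successors
    ("p", "b"): {"s"},
    ("q", "a"): {"s"},
    ("r", "b"): {"s"},
    # "s" has no outgoing transitions, so U(s) is empty and every behavior
    # reaching s is a maximal finite behavior
}


def post(trans, x, u):
    """Post_u(x): the set of u-successors of x (empty if there are none)."""
    return trans.get((x, u), set())


def enabled(trans, x, inputs):
    """U(x) = {u in U | Post_u(x) is non-empty}."""
    return {u for u in inputs if post(trans, x, u)}


def is_deterministic(trans):
    """Every Post_u(x) is a singleton or empty."""
    return all(len(succ) <= 1 for succ in trans.values())


def is_blocking(trans, states, inputs):
    """Some pair (x, u) has Post_u(x) empty (the definition used in the text)."""
    return any(not post(trans, x, u) for x in states for u in inputs)


def determinize(trans):
    """Associated deterministic system S_d(a) (Definition 2.2): an input is a
    pair (u, x') and leads to exactly the successor x' named in the input."""
    return {(x, (u, x2)): {x2} for (x, u), succ in trans.items() for x2 in succ}


def finite_behaviors(trans, inputs, x, n):
    """Finite behaviors of at most n transitions generated from x (Definition 2.3)."""
    out = set()

    def walk(path):
        out.add(tuple(path))
        if len(path) - 1 == n:
            return
        for u in enabled(trans, path[-1], inputs):
            for x2 in post(trans, path[-1], u):
                walk(path + [x2])

    walk([x])
    return out


def maximal_finite_behaviors(trans, inputs, x, n):
    """Finite behaviors that cannot be extended: their last state enables no input."""
    return {b for b in finite_behaviors(trans, inputs, x, n)
            if not enabled(trans, b[-1], inputs)}


if __name__ == "__main__":
    print("deterministic:", is_deterministic(TRANS))
    print("maximal finite behaviors from p:",
          sorted(maximal_finite_behaviors(TRANS, U, "p", 5)))
```

Running the block reports that the toy system is non-deterministic and lists the three maximal finite behaviors from p; the determinized relation passes the determinism check because each of its inputs names the successor it leads to.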

Our objective is to design time-optimal controllers for control systems, which are formalized in the following definition:

Definition 2.4 (Continuous-time control system). A continuous-time control system is a triple $\Sigma = (\mathbb{R}^n, \mathcal{U}, f)$ consisting of:

• the state set $\mathbb{R}^n$;

• a set of input curves $\mathcal{U}$ whose elements are essentially bounded piecewise continuous functions of time from intervals of the form $]a, b[ \subseteq \mathbb{R}$ to $U \subseteq \mathbb{R}^m$ with $a < 0 < b$;

• a smooth map $f : \mathbb{R}^n \times U \to \mathbb{R}^n$.

A piecewise continuously differentiable curve $\xi : ]a, b[ \to \mathbb{R}^n$ is said to be a trajectory or solution of $\Sigma$ if there exists $\upsilon \in \mathcal{U}$ satisfying:

for almost all $t \in ]a, b[$.

Although we have defined trajectories over open domains, we shall refer to trajectories $\xi : [0, \tau] \to \mathbb{R}^n$ defined on closed domains $[0, \tau]$, $\tau \in \mathbb{R}^+$, with the understanding of the existence of a trajectory $\xi' : ]a, b[ \to \mathbb{R}^n$ such that $\xi = \xi'|_{[0,\tau]}$. We also write $\xi_{x\upsilon}(t)$ to denote the point reached at time $t \in [0, \tau]$ under the input $\upsilon$ from initial condition $x$; this point is uniquely determined, since the assumptions on $f$ ensure existence and uniqueness of trajectories.

2.3. Systems relations. The results we prove build upon certain simulation relations that can be established between systems. The first relation explains how a system can simulate another system.

Definition 2.5 (Approximate Simulation Relation [13]). Consider two metric systems $S_a$ and $S_b$ with $Y_a = Y_b$, and let $\varepsilon \in \mathbb{R}_0^+$. A relation $R \subseteq X_a \times X_b$ is an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ if the following three conditions are satisfied:

(1) for every $x_{a0} \in X_{a0}$, there exists $x_{b0} \in X_{b0}$ with $(x_{a0}, x_{b0}) \in R$;

(2) for every $(x_a, x_b) \in R$ we have $d(H_a(x_a), H_b(x_b)) \le \varepsilon$;

(3) for every $(x_a, x_b) \in R$ we have that $x_a \xrightarrow[a]{u_a} x'_a$ in $S_a$ implies the existence of $x_b \xrightarrow[b]{u_b} x'_b$ in $S_b$ satisfying $(x'_a, x'_b) \in R$.

We say that $S_a$ is $\varepsilon$-approximately simulated by $S_b$, or that $S_b$ $\varepsilon$-approximately simulates $S_a$, denoted by $S_a \preceq_S^\varepsilon S_b$, if there exists an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$.

When $S_a \preceq_S^\varepsilon S_b$, system $S_b$ can replicate the behavior of system $S_a$ by starting at a state $x_{b0} \in X_{b0}$ related to any initial state $x_{a0} \in X_{a0}$ and by replicating every transition in $S_a$ with a transition in $S_b$ according to (3). It then follows from (2) that the resulting behaviors will be the same up to an error of $\varepsilon$. If $\varepsilon = 0$ the second condition implies that two states $x_a$ and $x_b$ are related whenever their outputs are equal, i.e., $(x_a, x_b) \in R$ implies $H(x_a) = H(x_b)$, and we say that the relation is an exact simulation relation. When nondeterminism is regarded as adversarial, the notion of approximate simulation can be modified by explicitly accounting for nondeterminism.

Definition 2.6 (Approximate alternating simulation relation [13]). Let $S_a$ and $S_b$ be metric systems with $Y_a = Y_b$ and let $\varepsilon \in \mathbb{R}_0^+$. A relation $R \subseteq X_a \times X_b$ is an $\varepsilon$-approximate alternating simulation relation from $S_a$ to $S_b$ if the following three conditions are satisfied:

(1) for every $x_{a0} \in X_{a0}$ there exists $x_{b0} \in X_{b0}$ with $(x_{a0}, x_{b0}) \in R$;

(2) for every $(x_a, x_b) \in R$ we have $d(H_a(x_a), H_b(x_b)) \le \varepsilon$;

(3) for every $(x_a, x_b) \in R$ and for every $u_a \in U_a(x_a)$ there exists $u_b \in U_b(x_b)$ such that for every $x'_b \in \mathrm{Post}_{u_b}(x_b)$ there exists $x'_a \in \mathrm{Post}_{u_a}(x_a)$ satisfying $(x'_a, x'_b) \in R$.

We say that $S_a$ is $\varepsilon$-approximately alternatingly simulated by $S_b$, or that $S_b$ $\varepsilon$-approximately alternatingly simulates $S_a$, denoted by $S_a \preceq_{AS}^\varepsilon S_b$, if there exists an $\varepsilon$-approximate alternating simulation relation from $S_a$ to $S_b$.

Note that for deterministic systems the notion of alternating simulation degenerates into that of simulation. In general, the notions of simulation and alternating simulation are incomparable, as illustrated by Example 4.21 in [13]. Also note that for any system $S_a$, its deterministic counterpart $S_{d(a)}$ satisfies $S_a \preceq_{AS}^0 S_{d(a)}$. As in the case of exact simulation relations, we say a $0$-approximate alternating simulation relation is an exact alternating simulation relation.
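For finite systems, conditions (1) to (3) of Definitions 2.5 and 2.6 can be checked mechanically. The following Python block is an added example, not code from the paper or from Pessoa; the two systems, their output maps into the reals (with $d$ the absolute difference), the candidate relations and the values of $\varepsilon$ are all constructed for the example. It also illustrates the remark above that the two notions differ: the constructed $S_b$ has a non-deterministic step whose second successor is unrelated under the first relation, so simulation holds but alternating simulation fails until that successor is added to the relation, which in turn is only admissible once $\varepsilon$ is large enough for condition (2).

```python
# Two finite metric systems and candidate relations between them, all
# constructed here as a toy example. A system is a dict with initial states
# "X0", inputs "U", the transition relation "trans" as (x, u) -> set of
# successors, and the output map "H" into the reals, on which d is |y - y'|.
SA = {"X0": {"x0"}, "U": {"u"},
      "trans": {("x0", "u"): {"x1"}},
      "H": {"x0": 0.0, "x1": 1.0}}
SB = {"X0": {"y0"}, "U": {"v"},
      "trans": {("y0", "v"): {"y1", "y2"}},      # non-deterministic step
      "H": {"y0": 0.0, "y1": 1.0, "y2": 1.5}}
R1 = {("x0", "y0"), ("x1", "y1")}               # leaves y2 unrelated
R2 = R1 | {("x1", "y2")}                        # relates y2 as well


def d(ya, yb):
    """Metric on the output set (absolute difference of real outputs)."""
    return abs(ya - yb)


def post(trans, x, u):
    """Post_u(x)."""
    return trans.get((x, u), set())


def enabled(s, x):
    """U(x): inputs of system s with a non-empty successor set at x."""
    return {u for u in s["U"] if post(s["trans"], x, u)}


def _init_and_outputs_ok(sa, sb, rel, eps):
    """Conditions (1) and (2), shared by Definitions 2.5 and 2.6."""
    init_ok = all(any((xa, xb) in rel for xb in sb["X0"]) for xa in sa["X0"])
    out_ok = all(d(sa["H"][xa], sb["H"][xb]) <= eps for xa, xb in rel)
    return init_ok and out_ok


def is_approx_simulation(sa, sb, rel, eps):
    """Definition 2.5: every transition of sa from a related state is matched
    by some transition of sb whose successor is again related."""
    if not _init_and_outputs_ok(sa, sb, rel, eps):
        return False
    for xa, xb in rel:
        for ua in enabled(sa, xa):
            for xa2 in post(sa["trans"], xa, ua):
                if not any((xa2, xb2) in rel
                           for ub in enabled(sb, xb)
                           for xb2 in post(sb["trans"], xb, ub)):
                    return False
    return True


def is_approx_alt_simulation(sa, sb, rel, eps):
    """Definition 2.6: for every input of sa there is an input of sb such that
    EVERY successor of sb under it is matched by some successor of sa."""
    if not _init_and_outputs_ok(sa, sb, rel, eps):
        return False
    for xa, xb in rel:
        for ua in enabled(sa, xa):
            succ_a = post(sa["trans"], xa, ua)
            if not any(all(any((xa2, xb2) in rel for xa2 in succ_a)
                           for xb2 in post(sb["trans"], xb, ub))
                       for ub in enabled(sb, xb)):
                return False
    return True


if __name__ == "__main__":
    print("R1, eps=0   : sim", is_approx_simulation(SA, SB, R1, 0.0),
          "/ alt-sim", is_approx_alt_simulation(SA, SB, R1, 0.0))
    print("R2, eps=0.5 : sim", is_approx_simulation(SA, SB, R2, 0.5),
          "/ alt-sim", is_approx_alt_simulation(SA, SB, R2, 0.5))
    print("R2, eps=0.25: alt-sim", is_approx_alt_simulation(SA, SB, R2, 0.25))
```

The quantifier structure is the whole difference between the two checkers: `is_approx_simulation` asks for some matching successor in $S_b$, while `is_approx_alt_simulation` asks for an input of $S_b$ under which all successors are matched, which is what makes the adversarial reading of nondeterminism explicit.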

2.4. Composition of systems. The feedback composition of a controller $S_c$ with a plant $S_a$ describes the concurrent evolution of these two systems subject to synchronization constraints. In this paper we use the notion of extended alternating simulation relation to describe these constraints. The following formal definition is only used in the proof of Lemma 3.4. Readers not interested in the proof can simply replace the symbol $S_c \times_{\mathcal{F}} S_a$, defined below, with "controller $S_c$ acting on the plant $S_a$".

Definition 2.7 (Extended alternating simulation relation [13]). Let $R$ be an alternating simulation relation from system $S_a$ to system $S_b$. The extended alternating simulation relation $R^e \subseteq X_a \times X_b \times U_a \times U_b$ associated with $R$ is defined by all the quadruples $(x_a, x_b, u_a, u_b) \in X_a \times X_b \times U_a \times U_b$ for which the following three conditions hold:

(1) $(x_a, x_b) \in R$;

(2) $u_a \in U_a(x_a)$;

(3) $u_b \in U_b(x_b)$ and for every $x'_b \in \mathrm{Post}_{u_b}(x_b)$ there exists $x'_a \in \mathrm{Post}_{u_a}(x_a)$ satisfying $(x'_a, x'_b) \in R$.

The interested reader is referred to [13] for a detailed explanation of how the following notion of feedback composition guarantees that the behavior of the plant is restricted by controlling only its inputs.

Definition 2.8 (Approximate feedback composition). Let $S_c$ and $S_a$ be two metric systems with the same output sets $Y_c = Y_a$, normed vector spaces, and let $R$ be an $\varepsilon$-approximate alternating simulation relation from $S_c$ to $S_a$. The feedback composition of $S_c$ and $S_a$ with interconnection relation $\mathcal{F} = R^e$, denoted by $S_c \times_{\mathcal{F}} S_a$, is the system $(X_{\mathcal{F}}, X_{\mathcal{F}0}, U_{\mathcal{F}}, \xrightarrow[\mathcal{F}]{}, Y_{\mathcal{F}}, H_{\mathcal{F}})$ consisting of:

• $X_{\mathcal{F}} = \pi_X(\mathcal{F}) = R$;

• $X_{\mathcal{F}0} = X_{\mathcal{F}} \cap (X_{c0} \times X_{a0})$;

• $U_{\mathcal{F}} = U_c \times U_a$;

• $(x_c, x_a) \xrightarrow[\mathcal{F}]{(u_c, u_a)} (x'_c, x'_a)$ if the following three conditions hold:

(1) $(x_c, u_c, x'_c) \in \xrightarrow[c]{}$;

(2) $(x_a, u_a, x'_a) \in \xrightarrow[a]{}$;

(3) $(x_c, x_a, u_c, u_a) \in \mathcal{F}$;

• $Y_{\mathcal{F}} = Y_c = Y_a$;

• $H_{\mathcal{F}}(x_c, x_a) = \tfrac{1}{2}(H(x_c) + H(x_a))$.

We also denote by $S_c \times_{\mathcal{F}} S_a$ exact feedback compositions of systems, i.e., whenever $\mathcal{F} = R^e$ with $R$ an exact ($\varepsilon = 0$) alternating simulation relation.

3. Time-optimal control and simulation relations

In this section we provide the main theoretical contribution of this paper by explaining how approximate simulation relations can be used to relate time-optimality information.

3.1. Problem definition. To simplify the presentation, we consider only systems in which $X_a = Y_a$ and $H_a = 1_{X_a}$. However, all the results in this paper can be easily extended to systems with $X_a \neq Y_a$ and $H_a \neq 1_{X_a}$, as we explain at the end of Section 4.

Problem 3.1 (Reachability). Let $S_a$ be a system with $Y_a = X_a$ and $H_a = 1_{X_a}$, and let $W \subseteq X_a$ be a set of outputs. Let $S_c$ be a controller and $R$ an alternating simulation relation from $S_c$ to $S_a$. The pair $(S_c, \mathcal{F})$, with $\mathcal{F} = R^e$, is said to solve the reachability problem if there exists $x_0 \in X_{\mathcal{F}}$ such that for every maximal behavior $y \in B_{x_0}(S_c \times_{\mathcal{F}} S_a) \cup B^\omega_{x_0}(S_c \times_{\mathcal{F}} S_a)$, there exists $k(x_0) \in \mathbb{N}$ for which $y(k(x_0)) = y_{k(x_0)} \in W$.

We denote by $\mathcal{R}(S_a, W)$ the set of controller-interconnection pairs $(S_c, \mathcal{F})$ that solve the reachability problem for system $S_a$ with the target set $W$ as specification. For brevity, in what follows we refer to the pairs $(S_c, \mathcal{F})$ simply as controller pairs.

Definition 3.2 (Entry time). Let $S$ be a system and let $W \subseteq X$ be a subset of outputs. The entry time of $S$ into $W$ from $x_0 \in X_0$, denoted by $J(S, W, x_0)$, is the minimum $k \in \mathbb{N}$ such that for all maximal behaviors $y \in B_{x_0}(S) \cup B^\omega_{x_0}(S)$, there exists some $k' \in [0, k]$ for which $y(k') = y_{k'} \in W$.

If the set $W$ is not reachable from state $x_0$ we define $J(S, W, x_0) = \infty$. Note that asking in Definition 3.2 for the minimum $k$ is needed because $S$ might be a non-deterministic system, and thus there might be more than one behavior contained in $B_{x_0}(S) \cup B^\omega_{x_0}(S)$ and entering $W$.

If system $S$ is the result of the feedback composition of a system $S_a$ and a controller $S_c$ with interconnection relation $\mathcal{F}$, i.e., $S = S_c \times_{\mathcal{F}} S_a$, we denote by $J(S_c, \mathcal{F}, S_a, W, x_{a0})$ the minimum entry time over all possible initial states of the controller related to $x_{a0}$:

$J(S_c, \mathcal{F}, S_a, W, x_{a0}) = \min_{x_{c0} \in X_{c0}} \{ J(S_c \times_{\mathcal{F}} S_a, W, (x_{c0}, x_{a0})) \mid (x_{c0}, x_{a0}) \in X_{\mathcal{F}} \}$

The time-optimal control problem asks for the selection of the minimal entry time behavior for every $x_0 \in X_0$ for which $J(S, W, x_0)$ is finite.

Problem 3.3 (Time-optimal reachability). Let $S_a$ be a system with $Y_a = X_a$ and $H_a = 1_{X_a}$, and let $W \subseteq X_a$ be a subset of the set of outputs of $S_a$. The time-optimal reachability problem asks to find the controller pair $(S^*_c, \mathcal{F}^*) \in \mathcal{R}(S_a, W)$ such that for any other pair $(S_c, \mathcal{F}) \in \mathcal{R}(S_a, W)$ the following is satisfied:

$\forall x_{a0} \in X_{a0},\quad J(S_c, \mathcal{F}, S_a, W, x_{a0}) \ge J(S^*_c, \mathcal{F}^*, S_a, W, x_{a0}).$
3.2. Entry time bounds. The entry time $J$ acts as the cost function we aim at minimizing by designing an appropriate controller. The following lemma, which is quite insightful in itself, explains how the existence of an approximate alternating simulation relates the minimal entry times of each system.

Lemma 3.4. Let $S_a$ and $S_b$ be two systems with $Y_a = X_a$, $H_a = 1_{X_a}$, $Y_b = X_b$ and $H_b = 1_{X_b}$, and let $W_a \subseteq X_a$ and $W_b \subseteq X_b$ be subsets of states. If the following two conditions are satisfied:

• $S_a \preceq_{AS}^\varepsilon S_b$ with the relation $R_\varepsilon \subseteq X_a \times X_b$;

• $R_\varepsilon(W_a) \subseteq W_b$;

then the following holds:

$(x_{a0}, x_{b0}) \in R_\varepsilon \;\Rightarrow\; J(S^*_{ca}, \mathcal{F}^*_a, S_a, W_a, x_{a0}) \ge J(S^*_{cb}, \mathcal{F}^*_b, S_b, W_b, x_{b0})$

where $(S^*_{ca}, \mathcal{F}^*_a) \in \mathcal{R}(S_a, W_a)$ and $(S^*_{cb}, \mathcal{F}^*_b) \in \mathcal{R}(S_b, W_b)$ denote the time-optimal controller pairs for their respective time-optimal control problems, and $x_{a0} \in X_{a0}$, $x_{b0} \in X_{b0}$.

Proof. We prove the result by parts. In the case when $J(S^*_{ca}, \mathcal{F}^*_a, S_a, W_a, x_{a0}) = \infty$, the result is trivially true. Thus, we analyze the case when $J(S^*_{ca}, \mathcal{F}^*_a, S_a, W_a, x_{a0}) < \infty$. In this case, we show that there exists a controller $S_c$ for $S_b$ such that:

(1) $J(S_c, \mathcal{G}, S_b, W_b, x_{b0}) \le J(S^*_{ca}, \mathcal{F}^*_a, S_a, W_a, x_{a0})$.

This is proved by showing that for every maximal behavior $y_b \in B_{(x_{c0}, x_{b0})}(S_c \times_{\mathcal{G}} S_b) \cup B^\omega_{(x_{c0}, x_{b0})}(S_c \times_{\mathcal{G}} S_b)$ there exists a maximal behavior $y_a \in B_{(x_{ca0}, x_{a0})}(S^*_{ca} \times_{\mathcal{F}^*_a} S_a) \cup B^\omega_{(x_{ca0}, x_{a0})}(S^*_{ca} \times_{\mathcal{F}^*_a} S_a)$ $\varepsilon$-related to $y_b$. The proof is finalized by noting that to be optimal, the controller $(S^*_{cb}, \mathcal{F}^*_b)$ has to satisfy:

$J(S^*_{cb}, \mathcal{F}^*_b, S_b, W_b, x_{b0}) \le J(S_c, \mathcal{G}, S_b, W_b, x_{b0}) \le J(S^*_{ca}, \mathcal{F}^*_a, S_a, W_a, x_{a0})$

for all $x_{a0} \in X_{a0}$ and $x_{b0} \in X_{b0}$ such that $(x_{a0}, x_{b0}) \in R_\varepsilon$, hence proving the result.

We start by defining the controller $S_c$ for system $S_b$. Let $R_a$ be the alternating simulation relation defining the interconnection relation $\mathcal{F}^*_a = R_a^e$. We define an interconnection relation $\mathcal{G} = R_{\mathcal{G}}^e$ that allows us to use the system $S_c = S^*_{ca} \times_{\mathcal{F}^*_a} S_a$ as a controller for system $S_b$. The interconnection relation $\mathcal{G} = R_{\mathcal{G}}^e$ is determined by the relation:

$R_{\mathcal{G}} = \{((x_{ca}, x_a), x_b) \in (X^*_{ca} \times X_a) \times X_b \mid (x_{ca}, x_a) \in R_a \wedge (x_a, x_b) \in R_\varepsilon\}.$

Furthermore, one can easily prove (for a detailed explanation see Proposition 11.8 in [13]) that

(2) $S_c \times_{\mathcal{G}} S_b \preceq_S^\varepsilon S_c = S^*_{ca} \times_{\mathcal{F}^*_a} S_a,$

with the relation $R_{cb} \subseteq X_{\mathcal{G}} \times X_c$:

$R_{cb} = \{((x_c, x_b), x'_c) \in X_{\mathcal{G}} \times X_c \mid x_c = x'_c\}.$
In order to show that for every maximal behavior $y_b \in B_{(x_{c0}, x_{b0})}(S_c \times_{\mathcal{G}} S_b) \cup B^\omega_{(x_{c0}, x_{b0})}(S_c \times_{\mathcal{G}} S_b)$ there exists an $\varepsilon$-related maximal behavior $y_a \in B_{(x_{ca0}, x_{a0})}(S^*_{ca} \times_{\mathcal{F}^*_a} S_a) \cup B^\omega_{(x_{ca0}, x_{a0})}(S^*_{ca} \times_{\mathcal{F}^*_a} S_a)$, we first make the following remark: for any pair $(x_a, x_b) \in R_\varepsilon$, by the definition of alternating simulation relation, if $U_a(x_a) \neq \emptyset$ then $U_b(x_b) \neq \emptyset$. From the definition of $\mathcal{G}$ it follows that for all $((x_{ca}, x_a), x_b) \in R_{\mathcal{G}}$ the pair $(x_a, x_b)$ belongs to $R_\varepsilon$. Thus, for any pair of related states $(x_a, x_b) \in R_\varepsilon$, there exists $x_{\mathcal{G}} \in X_{\mathcal{G}}$, namely $(x_c, x_b)$ with $x_c = (x_{ca}, x_a)$, such that $U_c(x_c) \neq \emptyset \Rightarrow U_{\mathcal{G}}(x_{\mathcal{G}}) \neq \emptyset$. The existence of the simulation relation (2) implies that for every behavior $y_b$ there exists an $\varepsilon$-related behavior $y_a$. Any infinite behavior is a maximal behavior, and thus we already know that for every (maximal) infinite behavior $y_b$ there exists an $\varepsilon$-related (maximal) infinite behavior $y_a$. Moreover, if $y_b$ is a maximal finite behavior of length $l$, the set of inputs $U_{\mathcal{G}}(y_b(l))$ is empty. As shown before, this implies that $U_c(y_a(l)) = \emptyset$, and thus $y_a$ is also maximal, where $y_a$ is the corresponding behavior of $S^*_{ca} \times_{\mathcal{F}^*_a} S_a$ $\varepsilon$-related to $y_b$.

We now show that (1) holds. For any initial state $x_{a0}$ there exists an initial controller state $x_{ca0} \in R_a^{-1}(x_{a0})$ of $S^*_{ca}$ such that every maximal behavior $y_a \in B_{(x_{ca0}, x_{a0})}(S^*_{ca} \times_{\mathcal{F}^*_a} S_a) \cup B^\omega_{(x_{ca0}, x_{a0})}(S^*_{ca} \times_{\mathcal{F}^*_a} S_a)$ reaches a state $x_a \in W_a$ in the worst case after $J(S^*_{ca}, \mathcal{F}^*_a, S_a, W_a, x_{a0})$ steps. We assume in what follows that the controller is initialized at that $x_{ca0}$. Thus, as maximal behaviors of $S_c \times_{\mathcal{G}} S_b$ are related by $R_{cb}$ to maximal behaviors of $S^*_{ca} \times_{\mathcal{F}^*_a} S_a$, for any $x_{b0} \in R_\varepsilon(x_{a0})$ every maximal behavior $y_b \in B_{(x_{c0}, x_{b0})}(S_c \times_{\mathcal{G}} S_b) \cup B^\omega_{(x_{c0}, x_{b0})}(S_c \times_{\mathcal{G}} S_b)$ reaches some state $x_b \in R_\varepsilon(W_a)$ in at most $J(S^*_{ca}, \mathcal{F}^*_a, S_a, W_a, x_{a0})$ steps. But then, from the second assumption, $x_b \in R_\varepsilon(W_a)$ implies that $x_b \in W_b$, and we have that

$J(S_c, \mathcal{G}, S_b, W_b, x_{b0}) \le J(S^*_{ca}, \mathcal{F}^*_a, S_a, W_a, x_{a0})$

for all $x_{a0} \in X_{a0}$ and $x_{b0} \in X_{b0}$ such that $(x_{a0}, x_{b0}) \in R_\varepsilon$.

□

The second assumption in Lemma 3.4 requires the sets $W_a$ and $W_b$ to be related by $R$. This assumption can always be satisfied by suitably enlarging or shrinking the target sets.

Definition 3.5. For any relation $R \subseteq X_a \times X_b$ and any set $W \subseteq X_b$, the sets $\lfloor W \rfloor_R$, $\lceil W \rceil_R$ are given by:

$\lfloor W \rfloor_R = \{x_a \in X_a \mid R(x_a) \subseteq W\},$
$\lceil W \rceil_R = \{x_a \in X_a \mid R(x_a) \cap W \neq \emptyset\}.$

The main theoretical result in the paper explains how to obtain upper and lower bounds for the optimal entry times in a system $S_b$ by working with a related system $S_a$.

Theorem 3.6. Let $S_a$ and $S_b$ be two systems with $Y_a = X_a$, $H_a = 1_{X_a}$, $Y_b = X_b$ and $H_b = 1_{X_b}$. If $S_b$ is deterministic and there exists an approximate alternating simulation relation $R$ from $S_a$ to $S_b$ such that $R^{-1}$ is an approximate simulation relation from $S_b$ to $S_a$, i.e.:

$S_a \preceq_{AS}^\varepsilon S_b \preceq_S^\varepsilon S_a,$

then the following holds for any $W \subseteq X_b$ and $(x_{a0}, x_{b0}) \in R$:

$J(S^*_{cd(a)}, \mathcal{F}^*_d, S_{d(a)}, \lceil W \rceil_R, x_{a0}) \le J(S^*_{cb}, \mathcal{F}^*_b, S_b, W, x_{b0}) \le J(S^*_{ca}, \mathcal{F}^*_a, S_a, \lfloor W \rfloor_R, x_{a0})$

where the controller pairs $(S^*_{cb}, \mathcal{F}^*_b) \in \mathcal{R}(S_b, W)$, $(S^*_{ca}, \mathcal{F}^*_a) \in \mathcal{R}(S_a, \lfloor W \rfloor_R)$ and $(S^*_{cd(a)}, \mathcal{F}^*_d) \in \mathcal{R}(S_{d(a)}, \lceil W \rceil_R)$ are optimal for their respective time-optimal control problems.

Proof. Note that $S_b \preceq_{AS}^\varepsilon S_{d(a)}$, by the assumed relation and both systems being deterministic. Also note that, by definition, $R(\lfloor W \rfloor_R) \subseteq W$ and $R^{-1}(W) \subseteq \lceil W \rceil_R$. Then the proof follows from Lemma 3.4. □

Remark 3.7. If $S_b$ is not deterministic the inequality

$J(S^*_{cb}, \mathcal{F}^*_b, S_b, W, x_{b0}) \le J(S^*_{ca}, \mathcal{F}^*_a, S_a, \lfloor W \rfloor_R, x_{a0})$

still holds.



Theorem 3.6 explains how upper and lower bounds for the entry times in $S_b$ can be computed on $S_a$, hence decoupling the optimality considerations from the specific algorithms used to compute the abstractions. This possibility is of great value when $S_a$ is a much simpler system than $S_b$. We exploit this observation in the next section, where $S_b$ denotes a control system and $S_a$ a much simpler symbolic abstraction.

4. Approximate time-optimal control

Our ultimate objective is to synthesize time-optimal controllers to be implemented on digital platforms. The appropriate model for this analysis consists of a time-discretization of a control system.

Definition 4.1. The system $S_\tau(\Sigma) = (X_\tau, X_{\tau 0}, U_\tau, \xrightarrow[\tau]{}, Y_\tau, H_\tau)$ associated with a control system $\Sigma = (\mathbb{R}^n, \mathcal{U}, f)$ and with $\tau \in \mathbb{R}^+$ consists of:

• $X_\tau = \mathbb{R}^n$;

• $X_{\tau 0} = X_\tau$;

• $U_\tau = \{\upsilon \in \mathcal{U} \mid \mathrm{dom}\,\upsilon = [0, \tau]\}$;

• $x \xrightarrow[\tau]{\upsilon} x'$ if there exist $\upsilon \in U_\tau$ and a trajectory $\xi_{x\upsilon} : [0, \tau] \to \mathbb{R}^n$ of $\Sigma$ satisfying $\xi_{x\upsilon}(\tau) = x'$;

• $Y_\tau = \mathbb{R}^n$;

• $H_\tau = 1_{\mathbb{R}^n}$.

A symbolic abstraction of a control system is a system whose states represent aggregates or collections of states of the original control system. It has been shown in [51|31[T1] that one can construct, under mild assumptions, symbolic abstractions in the form of finite systems $S_{abs}$ satisfying $S_{abs} \preceq_{AS}^\varepsilon S_\tau(\Sigma) \preceq_S^\varepsilon S_{abs}$ with arbitrary precision $\varepsilon$. Since $S_{abs}$ is a finite system, entry times for $S_{abs}$ can be efficiently computed by using algorithms in the spirit of dynamic programming or Dijkstra's algorithm [19, 20]. It then follows from Theorem 3.6 that these entry times immediately provide bounds for the optimal entry time in $S_\tau(\Sigma)$. Moreover, the process of computing the optimal entry times for $S_{abs}$ provides us with a time-optimal controller for $S_{abs}$ that can be refined to an approximately time-optimal controller for $S_\tau(\Sigma)$. The refined controller is guaranteed to enforce the bounds for the optimal entry times in $S_\tau(\Sigma)$ computed in $S_{abs}$.
4.1. Controller design. We now present a fixed point algorithm solving the time-optimal reachability problem for finite symbolic abstractions $S_{abs}$. We start by introducing an operator that helps us define the time-optimal controller in a more concise way.

Definition 4.2. For a given system $S_{abs}$ and target set $W \subseteq X_{abs}$, the operator $G_W : 2^{X_{abs}} \to 2^{X_{abs}}$ is defined by:

$G_W(Z) = \{x_{abs} \in X_{abs} \mid x_{abs} \in W \;\vee\; \exists u_{abs} \in U_{abs}(x_{abs})\ \text{s.t.}\ \emptyset \neq \mathrm{Post}_{u_{abs}}(x_{abs}) \subseteq Z\}.$

A set $Z$ is said to be a fixed point of $G_W$ if $G_W(Z) = Z$. It is shown in [13] that when $S_{abs}$ is finite, the smallest fixed point $Z$ of $G_W$ exists and can be computed in finitely many steps by iterating $G_W$, i.e., $Z = \lim_{i \to \infty} G_W^i(\emptyset)$. Moreover, the reachability problem admits a solution if the minimal fixed point $Z$ of $G_W$ satisfies $Z \cap X_{abs0} \neq \emptyset$. The time-optimal controller pair can then be constructed from $Z$ as follows:

Definition 4.3 (Time-optimal controller pair). For any finite system $S_{abs} = (X_{abs}, X_{abs0}, U_{abs}, \xrightarrow[abs]{}, X_{abs}, 1_{X_{abs}})$ and for any set $W \subseteq X_{abs}$, the time-optimal controller pair $(S^*_{cabs}, \mathcal{F}^*) \in \mathcal{R}(S_{abs}, W)$ is given by the system $S^*_{cabs} = (X_{cabs}, X_{cabs0}, U_{abs}, \xrightarrow[cabs]{}, X_{cabs}, 1_{X_{cabs}})$ and by the interconnection relation $\mathcal{F}^* = R^e_{cabs}$ defined by:

• $R_{cabs} = \{(x_{cabs}, x_{abs}) \in X_{cabs} \times X_{abs} \mid x_{cabs} = x_{abs}\}$;

• $Z = \lim_{i \to \infty} G_W^i(\emptyset)$;

• $X_{cabs} = Z$;

• $X_{cabs0} = Z \cap X_{abs0}$;

• $x_{cabs} \xrightarrow[cabs]{u_{abs}} x'_{cabs}$ if there exists a $k \in \mathbb{N}^+$ such that $x_{cabs} \in G_W^k(\emptyset)$ and $\emptyset \neq \mathrm{Post}_{u_{abs}}(x_{cabs}) \subseteq G_W^{k-1}(\emptyset)$,

where $\mathrm{Post}_{u_{abs}}(x_{cabs})$ refers to the $u_{abs}$-successors in $S_{abs}$.

For more details about this controller design we refer the reader to Chapter 6 of [13].

4.2. Controller refinement. The time-optimal controller pair $(S^*_{abs}, \mathcal{F}^*)$ obtained in the previous section can be easily refined into a controller pair $(S_{c\tau}(\Sigma), \mathcal{F}_\tau)$ for $S_\tau(\Sigma)$. Let $R_{abs\tau}$ be the $\varepsilon$-approximate alternating simulation relation from $S_{abs}$ to $S_\tau(\Sigma)$; then the refined controller $(S_{c\tau}(\Sigma), \mathcal{F}_\tau)$ is given by the system $S_{c\tau} = (X_{c\tau}, X_{c\tau 0}, U_\tau, \xrightarrow{\;c\tau\;}, X_{c\tau}, 1_{X_{c\tau}})$ and by the interconnection relation $\mathcal{F}_\tau = R_\tau$ defined by:

• $R_\tau = \{(x_{c\tau}, x_\tau) \in X_{c\tau} \times X_\tau \mid x_{c\tau} = x_\tau\}$;

• $X_{c\tau} = X_\tau$;

• $X_{c\tau 0} = X_{\tau 0}$;

• $x_{c\tau} \xrightarrow{u_\tau} x'_{c\tau}$ if there exists $u_{abs} = u_\tau$, $x_{cabs} \in R^{-1}_{abs\tau}(x_{c\tau})$ and $x'_{cabs} \in R^{-1}_{abs\tau}(x'_{c\tau})$ such that $x_{cabs} \xrightarrow{u_{abs}} x'_{cabs}$,

where we assumed $U_{abs} \subseteq U_\tau$.

Intuitively, the refined controller enables all the inputs in $U_{cabs}(x_{abs})$ at every state $x_\tau \in X_\tau$ of the system $S_\tau(\Sigma)$ that is related by $R_{abs\tau}$ to the state $x_{abs} \in X_{abs}$ of the abstraction $S_{abs}$. It is important to notice that this controller is non-deterministic, i.e., at a state $x_\tau$ all the inputs in $U_{c\tau}(x_\tau) = \bigcup_{x_{abs} \in R^{-1}_{abs\tau}(x_\tau)} U_{cabs}(x_{abs})$ are available and they all enforce the cost bounds.

4.3. Approximate time-optimal synthesis in practice. The following is a typical sequence of steps to be followed when applying the presented techniques in practice.

(1) Select a desired precision $\varepsilon$. This precision is problem dependent and given by practical margins of error.

(2) Construct a symbolic model. Given $\varepsilon$ construct, using your favorite method, a symbolic model $S_{abs}$ satisfying: $S_{abs} \preceq^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_{abs}$. Such abstractions can be computed using Pessoa [1], [12].

(3) Compute the cost's lower bound. This bound is obtained as:
$$J(S_{cd(abs)}, \mathcal{F}, S_{d(abs)}, \lceil W \rceil_R, x_{abs0}) = \min\{k \in \mathbb{N}_+ \mid x_{abs0} \in G^k_{\lceil W \rceil_R}(\emptyset)\} - 1$$
with $G_W$ defined for system $S_{d(abs)}$. This is the best lower bound one can obtain since it follows from Theorem 3.4 that by reducing $\varepsilon$ one does not obtain a better lower bound.

(4) Compute the cost's upper bound. This bound is obtained as:
$$J(S^*_{cabs}, \mathcal{F}^*, S_{abs}, \lceil W \rceil_R, x_{abs0}) = \min\{k \in \mathbb{N}_+ \mid x_{abs0} \in G^k_{\lceil W \rceil_R}(\emptyset)\} - 1$$
with $G_W$ defined for system $S_{abs}$. The controller obtained when computing this bound, i.e. $S^*_{abs}$, is the time-optimal controller for $S_{abs}$ and approximately time-optimal for $S_\tau(\Sigma)$ after refinement.

(5) Iterate. If the obtained upper bound is not acceptable, refine the symbolic model so that the new model $S_{abs2}$ satisfies² $S_{abs} \preceq^{\varepsilon'}_{\mathcal{AS}} S_{abs2} \preceq^{\varepsilon''}_{\mathcal{AS}} S_\tau(\Sigma)$ with $\varepsilon' < \varepsilon$ and $\varepsilon'' < \varepsilon$. In virtue of Theorem 3.4 (and Remark 3.7) the upper bound will not increase. Moreover, it is our experience that, in general, the upper bound will improve by using more accurate symbolic models, i.e., $\varepsilon' < \varepsilon$.
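The fixed-point iteration of Definition 4.2, the controller of Definition 4.3 and the upper-bound computation of step (4) above, carried out on a small constructed abstraction. This is an added Python example, not the paper's Matlab/Pessoa code; the toy transition relation, and the choice of the smallest $k$ with $x \in G_W^k(\emptyset)$ in Definition 4.3, are assumptions made here.

```python
"""Time-optimal reachability on a finite abstraction via the G_W fixed point (Defs. 4.2/4.3)."""
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# S_abs as a map (x, u) -> Post_u(x); several successors model the abstraction's non-determinism.
Trans = Dict[Tuple[int, str], FrozenSet[int]]

# Constructed toy abstraction (not from the paper): states 0..7, inputs 'a'/'b', target W = {5}.
# State 6 is a sink that never reaches W, and state 7 may fall into it, so 7 is uncontrollable.
ABS: Trans = {
    (0, 'a'): frozenset({1}), (0, 'b'): frozenset({3, 4}),
    (1, 'a'): frozenset({2}), (2, 'a'): frozenset({5}),
    (3, 'a'): frozenset({5}), (4, 'a'): frozenset({4}), (4, 'b'): frozenset({3}),
    (5, 'a'): frozenset({5}), (6, 'a'): frozenset({6}), (7, 'a'): frozenset({5, 6}),
}
W: FrozenSet[int] = frozenset({5})

def states(trans: Trans) -> Set[int]:
    return {x for x, _ in trans}.union(*trans.values())

def g_w(trans: Trans, w: FrozenSet[int], z: FrozenSet[int]) -> FrozenSet[int]:
    """Definition 4.2: keep x if x is in W, or some u has a non-empty Post_u(x) inside Z."""
    return frozenset(x for x in states(trans) if x in w or any(
        post and post <= z for (y, _), post in trans.items() if y == x))

def iterates(trans: Trans, w: FrozenSet[int]) -> List[FrozenSet[int]]:
    """[G_W^1(∅), G_W^2(∅), ...] up to the least fixed point Z, which is the last entry."""
    its: List[FrozenSet[int]] = []
    z: FrozenSet[int] = frozenset()
    while g_w(trans, w, z) != z:
        z = g_w(trans, w, z)
        its.append(z)
    return its

def entry_time(its: List[FrozenSet[int]], x: int) -> Optional[int]:
    """Step (4) of Section 4.3: min{k : x ∈ G_W^k(∅)} - 1, or None when x lies outside Z."""
    return next((i for i, g in enumerate(its) if x in g), None)

def controller(trans: Trans, its: List[FrozenSet[int]]) -> Dict[int, Set[str]]:
    """Definition 4.3 with k the smallest index such that x ∈ G_W^k(∅) (assumption made here,
    so that every enabled input is time-optimal): enable u iff ∅ ≠ Post_u(x) ⊆ G_W^{k-1}(∅)."""
    ctrl: Dict[int, Set[str]] = {}
    for (x, u), post in trans.items():
        t = entry_time(its, x)          # t = k - 1, and its[i] holds G_W^{i+1}(∅)
        if t is not None and t > 0 and post and post <= its[t - 1]:
            ctrl.setdefault(x, set()).add(u)
    return ctrl

if __name__ == "__main__":
    its = iterates(ABS, W)
    print("Z =", sorted(its[-1]), "entry time from 0:", entry_time(its, 0))
    print("enabled inputs:", controller(ABS, its))   # state 0 keeps both 'a' and 'b'
```

At state 0 both inputs stay enabled even though 'b' may land in state 4: its worst case still reaches W within the bound of 3 steps, which is the non-determinism the text describes.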

The more general case where $X_\tau \neq Y_\tau$, $H_\tau \neq 1_{X_\tau}$ and one is given an output target set $W_Y \subseteq Y_\tau$ can be solved in the same manner by using the target set $W \subseteq X_\tau$ defined by $W = H_\tau^{-1}(W_Y)$.

4.4. Generalizations and Complexity. We briefly discuss in this section some simple generalizations of the proposed methods and the corresponding complexity. We first note that time-optimal synthesis can be combined with safety (qualitative) objectives when the specification is given as the requirement to satisfy both a safety constraint and a reachability requirement. A controller for such specifications can be obtained by first synthesizing the least restrictive controller enforcing the safety constraint and then solving a time-optimal reachability problem. In particular, this approach can be used for specifications given as a Linear Time Logic (LTL) formula of the kind $\phi \wedge \Diamond p$, where $p$ is an atomic proposition denoting a set of states and $\phi$ is a formula in the safe-LTL fragment of LTL [21].

The general solution of a problem including qualitative and quantitative (time-optimal) specifications consists of five steps: abstraction of the control system; translation of the safe-LTL formula into a deterministic automaton recognizing all the behaviors satisfying the formula; composition of this automaton with the finite abstraction; synthesis of a controller by solving a safety game in the finite system resulting from the composition; and finally, the synthesis of the final controller as a solution to a time-optimal reachability game in the abstraction composed with the intermediate (safety) controller.

²The constructions in [14] satisfy this property with $\varepsilon = \eta/2$, $\varepsilon' = \eta'/2$ and $\varepsilon''$ = - ^ by selecting $\eta'$ = ^ with $p > 1$ an odd number and $\theta = \varepsilon$, $\theta' = \varepsilon'$.

According to the five steps solution, the (time) complexity of solving these general problems can be split in terms of those steps. The abstraction problem, following the techniques in [14], [13], can be easily shown to have exponential complexity on the dimension of the control system; the translation of a safe-LTL formula into a deterministic automaton has doubly exponential complexity on the length of the formula [22]; composition of finite automata is a polynomial problem on the number of states of the composed automata; and, finally, the solution of reachability or safety games on finite automata also takes polynomial time in the number of states. This last step can be shown to be polynomial by noting that both problems admit a solution as the fixed-point of an operator [13] that needs to be iterated at most as many times as the number of states of the finite automaton. This brief analysis indicates that the bottleneck, in general, lies on the abstraction process, as the translation of safe-LTL formulas, even though theoretically more complex, tends to be an easier problem due to the short length of the formulas used in practice.

5. Examples 

To illustrate the provided results and their practical relevance we implemented the time-optimal controller design algorithm in Section 4 in the publicly available Matlab toolbox named Pessoa [1], [12]. All the run-time values for the examples were obtained on a MacBook with a 2.2 GHz Intel Core 2 Duo processor and 4GB of RAM. The abstractions generated by Pessoa and used in the following examples are obtained by discretizing the dynamics with sample time $\tau$ and the state and input sets with discretization steps $\eta$ and $\mu$ respectively. We refer the readers to [14], where these abstractions are studied in detail. The precision $\varepsilon$ of such abstractions can be adjusted by reducing the discretization parameters $\eta$ and $\mu$.

5.1. Double integrator. We illustrate the proposed technique on the classical example of the double integrator, where $\Sigma$ is the control system:

$$\dot{\xi}(t) = \begin{bmatrix} 0 & 1 \\ 0 & 0 \end{bmatrix} \xi(t) + \begin{bmatrix} 0 \\ 1 \end{bmatrix} v(t)$$

and the target set $W$ is the origin, i.e., $W = \{(0,0)\}$.

Following the steps presented in Section 4, first we select a precision $\varepsilon$ which in this example we take as $\varepsilon = 0.15$. Next, we relax the problem by enlarging the target set to $W = B_1((0,0))$. We select as parameters for the symbolic abstraction $\tau = 1$, $\mu = 0.1$ and $\eta = 0.3$. Restricting the state set to $X = B_{30}((0,0)) \subset \mathbb{R}^2$, the state set of $S_\tau(\Sigma)$ becomes finite and the proposed algorithms can be applied. Constructing the abstraction $S_\tau(\Sigma)$ in Pessoa took less than 5 minutes and the resulting model required 7.9 MB to be stored. The lower bound required about 50 milliseconds while computing the time-optimal controller required only 3 seconds and the controller was stored in 1 MB.



MANUEL MAZO JR AND PAULO TABUADA

The approximately time-optimal controller $S^*$ is depicted in Figure 1(a). We remind the reader that the obtained controller is non-deterministic. Hence, Figure 1(a) shows one of the valid inputs of the time-optimal controller at different locations of the state-space. The optimal controller to the origin is also shown in Figure 1(a), represented by the switching curve (thick blue line) dividing the state space into regions where the inputs $u = 1$ (below the switching curve) and $u = -1$ (above the switching curve) are to be used. As expected, the partition produced by this switching curve does not coincide with the one found by our toolbox, as the time-optimal controller reported in [24] is not time-optimal to reach the set $W$ (it is just optimal when the target set is the singleton $\{(0,0)\}$).

Although the computed bounds are conservative, the cost achieved with the symbolic controller is quite close to the true optimal cost, as illustrated in Figure 1(b) and Table 1. This is a consequence of the bounds relying entirely on the worst case scenarios induced by the non-determinism of the computed abstractions. In practice, the symbolic controller determines the actual state of the system every time it acquires a state measurement, thus resolving the nondeterminism present in the abstraction. In Figure 1(b) we present the ratio between the cost to reach $W$ obtained from the symbolic controller and the cost obtained from the time-optimal controller. The time-optimal controller to reach the origin operates in continuous time and thus for some regions of the state-space the cost obtained will be smaller than one unit of time. On the other hand, the approximate time-optimal controller obtained with our techniques cannot obtain costs smaller than one unit of time, as it operates in discrete time. Hence, to make the comparison fair, in Figure 1(b) the costs achieved by the time-optimal controller smaller than one unit of time were saturated to a cost of 1 time unit. In Table 1 specific values of the time to reach the target set $W$ using the constructed controller are compared to the cost of reaching $W$ with the true time-optimal controller to reach the origin.



[Figure 1: panels (a) and (b); image not reproduced in the text.]

Figure 1. (a) Symbolic controller $S^*$. (b) Time to reach the target set $W$ represented as the ratio between the times obtained from the symbolic controller and the times obtained from the continuous time-optimal controller to reach the origin.



5.2. Unicycle example. With this example we want to persuade the reader of the potential of the presented techniques to solve control problems with both qualitative and quantitative specifications. The problem we consider now is to drive a unicycle through a given environment with obstacles. In this example both qualitative and quantitative specifications are provided. The avoidance of obstacles prescribes conditions that the trajectories should respect, thus establishing qualitative requirements of the desired trajectories. Simultaneously, a time-optimal control problem is specified by requiring the target set to be reached in minimum time, thus defining the quantitative requirements. Hence, the complete specification requires the synthesis of a controller disabling trajectories that hit the obstacles, and selecting, among the remaining trajectories, those with the minimum time-cost associated to them.

Table 1. Times achieved in simulations by a time-optimal controller to reach the origin and the symbolic controller.

Initial State   (-6.1,6.1)   (-6,6)     (-5.85,5.85)   (3.1,0.1)   (3,0)     (2.85,-0.1)
Continuous      12.83 s      12.66 s    11.60 s        2.66 s      2.53 s    2.38 s
Symbolic        14 s         14 s       13 s           3 s         3 s       3 s
Upper Bound     29 s         29 s       29 s           7 s         7 s       7 s
Lower Bound     9 s          9 s        9 s            2 s         2 s       2 s

Figure 2. Unicycle trajectory under the automatically generated approximately time-optimal feedback controller (left figure) and the inputs employed: $v$ in yellow and $\omega$ in pink (right figure).

We consider the following model for the unicycle control system:

$$\dot{x} = v\cos(\theta), \qquad \dot{y} = v\sin(\theta), \qquad \dot{\theta} = \omega$$

in which $(x, y)$ denotes the position coordinates of the vehicle, $\theta$ denotes its orientation, and $(v, \omega)$ are the control inputs, linear velocity and angular velocity respectively. The parameters used in the construction of the symbolic model are: $\eta = 0.2$, $\mu = 0.1$, $\tau = 0.5$ seconds, and $v \in [0, 0.5]$ and $\omega \in [-0.5, 0.5]$. The problem to be solved is to find a feedback controller optimally navigating the unicycle from any initial position to the target set $W = [4.6, 5] \times [1, 1.6] \times [-\pi, \pi]$, indicated with a red box in Figure 2 (with any orientation $\theta$), while avoiding the obstacles in the environment, indicated as blue boxes in Figure 2. The symbolic model was constructed in 179 seconds and used 11.5 MB of storage, and the approximately time-optimal controller was obtained in 5 seconds and required 3.5 MB of storage. In Figure 2 we present the result of applying the approximately time-optimal controller with the prescribed qualitative requirements (obstacle avoidance). The (approximately) bang-bang nature of the obtained controller can be appreciated in the right plot of this figure. For the initial condition $(1.5, 1, 0)$ the solution obtained, presented in Figure 2, required 44 seconds to reach the target set.
6. Discussion

We have proposed a computational approach to solve time-optimal control prob- 
lems by resorting to symbolic abstractions. The obtained solutions provide explicit 
lower and upper bounds on the achievable cost. The employed techniques allow 
us to solve complex time-optimal control problems, with target sets, state sets and 
dynamics of very general nature. 

The main theoretical result shows that symbolic abstractions which approxi- 
mately alternatingly simulate a control system provide bounds for the achievable 
cost of time-optimal control problems. An algorithm has been provided to ob- 
tain these cost bounds by solving corresponding optimal control problems over 
the symbolic abstraction. Furthermore, this algorithm produces an approximately 
time-optimal symbolic controller that can be easily refined into a controller for the 
original system, as shown in Section 4.2. On the practical side, we have implemented 
the presented algorithms in the Pessoa toolbox resorting to binary decision 
diagrams as the underlying data structures. We have also illustrated the techniques 
using Pessoa on two examples, the last of which illustrates how symbolic models 
can be used to solve problems with both qualitative and quantitative requirements. 

Future work will concentrate in the development of synthesis algorithms for com- 
binations of general qualitative and quantitative specifications for control systems. 